Often, YouTubers add links to interesting and related content in the description box while posting videos on the platform. However, threat actors are using this option to bypass YouTube’s new content submission reviews and add links to fake ‘free’ apps and software containing malware.
The Cyble Research Labs (CRL) found malware hidden behind these links on YouTube channels. The links do not take the user to an app store but redirect them to malicious files packaged as password-protected archives. Known file hosting services used include Discord, GitHub, Mega, Mediafire, and OneDrive.
According to the research, threat actors offer free YouTube Downloader adware to deceive users into downloading apps and software that are otherwise paid for. Users have been reported to use the search terms “software cracks” and “keygens” to get free media downloads. Some YouTube channels have malicious links under their videos, and others have YouTube videos created with content that offers apps and games for free.
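A defender-side triage of the pattern described above, as an added example that is not from the Cyble research or the original article: it flags video descriptions that combine a link to one of the named file hosting services with crack/keygen wording or a published archive password. The domain list, the extra lure terms, the weights and the sample descriptions are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: domains commonly used by the hosting services the article names.
FILE_HOSTS = {
    "cdn.discordapp.com": "Discord", "github.com": "GitHub", "mega.nz": "Mega",
    "mediafire.com": "Mediafire", "onedrive.live.com": "OneDrive", "1drv.ms": "OneDrive",
}
# "cracks" and "keygens" are the article's search terms; other variants are assumed.
LURE = re.compile(r"\b(cracks?|cracked|keygens?|free download)\b", re.I)
# A password-protected archive needs its password published next to the link.
ARCHIVE_PW = re.compile(r"\bpass(?:word)?\s*[:=]\s*\S+", re.I)
URL = re.compile(r"https?://[^\s<>()]+", re.I)

def host_service(url):
    """Return the hosting service for a URL, matching on exact domain or subdomain."""
    host = (urlparse(url).hostname or "").lower()
    for domain, service in FILE_HOSTS.items():
        if host == domain or host.endswith("." + domain):
            return service
    return None  # look-alikes such as mega.nz.example.com do not match

def triage(description):
    """Score a video description; weights and thresholds are illustrative."""
    urls = URL.findall(description)
    services = sorted({s for s in map(host_service, urls) if s})
    lure = bool(LURE.search(description))
    archive_pw = bool(urls) and bool(ARCHIVE_PW.search(description))
    score = (1 if services else 0) + (1 if lure else 0) + (2 if archive_pw else 0)
    verdict = "block" if score >= 3 else "review" if score == 2 else "allow"
    return {"services": services, "lure": lure, "archive_password": archive_pw,
            "score": score, "verdict": verdict}

# Constructed sample descriptions (not taken from any real channel).
SAMPLES = [
    "Editor Pro crack 2023 free download https://www.mediafire.com/file/EXAMPLE/setup.rar Password: 1234",
    "Get the keygen here: https://mega.nz/file/EXAMPLE",
    "Source code for this tutorial: https://github.com/example/project",
    "Installer: https://mega.nz.example.com/file/EXAMPLE pass=2023",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(triage(text)["verdict"], "|", text)
```

A link to a hosting service on its own scores low, so ordinary descriptions that point at a GitHub repository are not flagged; the published archive password carries the most weight.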
Playing on users' incentive to avoid paying for a subscription, threat actors post tutorial videos on their channels that promise free installation of those apps. Deceptive campaigns that offer a premium version of an app for free are another scam that can cause system damage and compromise the user's privacy, leading to more damage.
As soon as a user clicks on a malicious link offering a free subscription, apps, software etc., the device gets attacked by malware that can copy and send the user's files, images and passwords, take screenshots of their screen, access the device even when the user is not using their laptop, phone or other device, and perform multiple tasks in the background.
Victims can have money stolen from their bank accounts or credit cards, have their insurance details used to send them fraudulent bills, have their details used to create accounts on various websites and schemes, and lose their social security numbers, which affects government support, benefits and so on.
Hidden hacking malware
Beyond free versions of paid apps and cloned software, cybercriminals are also using versions of free and legitimate apps to hide data hacking malware. It is important to use credible app stores and not to click on random links from a site that shows up in online search results. Uninstalling all the downloaded apps and files that may linger in the system files and running an antivirus scanner can help remove the damaging files. Deleting unwanted cookies and cache can help as well.
Some apps or tools that are added to the browser, like a spellchecker tool or music players, may also be malicious depending on where they are downloaded from. Uninstalling free versions of paid apps and tools from the browser can avert damage to the system and the system data. Block URLs or links that seem suspicious and offer pirated copies of paid apps.
To further decrease the impact of such attacks, it is advisable to use a stronger password and to opt for two-step authentication, OTPs, and other options that the devices and apps enable. Keeping the device up to date and installing software updates as they appear on the device, especially for the antivirus software, is among the best practices.
What happens when the links are clicked?
Using services based on stealing, such as clicking on YouTube links to access pirated copies, can lead to innumerable problems. Countless IP addresses, credit card details, and passwords get sold online on the dark web. Opting for free apps that are otherwise paid may increase the risk of data theft and hacking. Moreover, makers of apps are on the lookout for similar schemes that carry malware under their company's name. Miscreants that escape their radar may stay up on YouTube or other websites to dupe users. Offering and using paid apps for free through malicious means is a criminal offence and can be penalized if found.